OVMSA-2016-0158

ULN >
Oracle Linux Errata repository >
OVMSA-2016-0158

OVMSA-2016-0158 - Unbreakable Enterprise kernel security and bugfix update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2016-11-15

Description

[2.6.39-400.286.3]
- mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928646] {CVE-2016-5195}

[2.6.39-400.286.2]
- HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798694] {CVE-2016-5829}

[2.6.39-400.286.1]
- Revert 'rds: skip rx/tx work when destroying connection' (Brian Maly) [Orabug: 24790158]

[2.6.39-400.285.1]
- netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}
- ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24587406]
- TTY: do not reset master's packet mode (Jiri Slaby) [Orabug: 24569399]
- ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 24500401]
- rds: skip rx/tx work when destroying connection (Wengang Wang) [Orabug: 24314773]
- Revert 'IPoIB: serialize changing on tx_outstanding' (Wengang Wang) [Orabug: 23745787]
- xen/events: document behaviour when scanning the start word for events (Dongli Zhang) [Orabug: 23083945]
- xen/events: mask events when changing their VCPU binding (Dongli Zhang) [Orabug: 23083945]
- xen/events: initialize local per-cpu mask for all possible events (Dongli Zhang) [Orabug: 23083945]
- IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570922]
- NFS: Remove BUG_ON() calls from the generic writeback code (Trond Myklebust) [Orabug: 22386565]
- ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218262]
- oracleasm: Classify device connectivity issues as global errors (Martin K. Petersen) [Orabug: 21760143]
- Btrfs: fix truncation of compressed and inlined extents (Divya Indi) [Orabug: 22307286] {CVE-2015-8374}
- Btrfs: fix file corruption and data loss after cloning inline extents (Divya Indi) [Orabug: 22307286] {CVE-2015-8374}
- netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [Orabug: 24682073] {CVE-2016-4997} {CVE-2016-4998}
- netfilter: x_tables: validate e->target_offset early (Florian Westphal) [Orabug: 24682071] {CVE-2016-4997} {CVE-2016-4998}

[2.6.39-400.284.1]
- rds: schedule local connection activity in proper workqueue (Ajaykumar Hotchandani) [Orabug: 22819661]
- ib_core: make wait_event uninterruptible in ib_flush_fmr_pool() (Avinash Repaka) [Orabug: 24525022]
- net/mlx4: Support shutdown() interface (Ajaykumar Hotchandani) [Orabug: 24616261]
- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393863] {CVE-2016-4470}

[2.6.39-400.283.1]
- atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703990] {CVE-2016-2117}
- mlx4_core: add module parameter to disable background init (Mukesh Kacker) [Orabug: 23292107]
- NFSv4: Don't decode fs_locations if we didn't ask for them... (Trond Myklebust) [Orabug: 23633714]
- mm/slab: Improve performance of slabinfo stats gathering (Aruna Ramakrishna) [Orabug: 23050884]
- offload ib subnet manager port and node get info query handling. (Rama Nichanamatlu) [Orabug: 22521735]

[2.6.39-400.282.1]
- fix typo/thinko in get_random_bytes() (Tony Luck) [Orabug: 23726807]

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle VM 3.2 (x86_64)	kernel-uek-2.6.39-400.286.3.el5uek.src.rpm	ca3a6468afe29a80b9a771b1dafeb263	OVMSA-2021-0016
	kernel-uek-2.6.39-400.286.3.el5uek.x86_64.rpm	2fcd90ce2bd8fbee50d1edd98cfbcab4	OVMSA-2021-0016
	kernel-uek-firmware-2.6.39-400.286.3.el5uek.noarch.rpm	8cd06bb0d454dd5364c8ea1919fb55ba	OVMSA-2021-0016

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691